
Financial Institutions are Vulnerable to Cybersecurity Threats

The Banking and Financial Services Industry is targeted by cybersecurity attackers 300 times more frequently than other industries. Financial firms are spending on average $3,000 per employee on cybersecurity, reflecting a threefold increase in the last four years, to combat the surge of state-level attacks on their data. Cybercriminals and state-sponsored attacks targeting banks are becoming increasingly sophisticated, stealing sensitive customer data for a variety of fraudulent activities.


Of the data breaches reported last year, 19% involved the financial sector, including entities such as banks, credit unions, credit card companies, mortgage and loan brokers, financial services, investment firms and trust companies, payday lenders and pension funds. While banks and financial institutions make up less than 20% of total data breaches, breaches in the financial sector compromise significantly more information records than breaches in other sectors.

Recent Breaches Highlight Sector Impact

Three examples of cybersecurity breaches in the financial services industry highlight the importance of financial services professionals being aware of the breadth and causes of successful cyberattacks while serving as a reminder of the need to keep their data secured at the highest standard.

  • Capital One: On July 29, 2019, Capital One announced that it had suffered a data breach compromising the credit card applications of around 100 million individuals after a software engineer hacked into a cloud-based server. Capital One claimed that 140,000 SSNs and over 80,000 bank account numbers were stolen. As of late 2019, this breach has cost the bank $150 million in damages.

  • Equifax: On September 7, 2017, Equifax announced one of the biggest data breaches in history, with more than 150 million customer records compromised. This confidential information included names, addresses, birth dates, and social security numbers. As of 2019, Equifax has put the costs associated with the data breach at $1.35 billion, which includes $82.8 million in technology and data security costs, $12.5 million in quarterly legal and investigative fees, $1.5 million for product liability, and $690 million in "losses associated with certain legal proceedings and investigations." The total figure is likely to rise, as it faces more than 1,000 individual and class-action lawsuits from victims of the breach. The firm has agreed to spend at least $1 billion on improving its cybersecurity posture in the coming five years.

  • GozNym Gang: The group stole over $100 million from more than 40,000 victims, mainly by accessing bank accounts of small businesses, law firms, international corporations, and nonprofit organizations. On May 16, 2019, Europol, the U.S. Department of Justice (DoJ), and six other countries dismantled the group of international cyber criminals that used the GozNym malware for these attacks.

Valuable Customer Data Enables Identity Theft


The reason is simple: the data held by financial institutions is highly valuable because it allows cybercriminals to perpetrate fraud for financial gain, such as gaining access to existing accounts, opening fraudulent accounts and obtaining lines of credit. Three critical pieces of data that the Banking and Financial Markets industry tries to protect are the customer's identity, account information, and credit card information. This information can be discovered through several data sources that banks and financial institutions routinely store in customer files:

  • Bank account numbers; 
  • Names, user accounts/logins, passwords; 
  • Credit card and payment data;
  • Social security numbers;
  • Home or business addresses;  
  • Date of birth;
  • Account balances;
  • Tax returns; 
  • Financial statements; and
  • Loan documents.

Losing Reputation and Trust Means Losing Customers

Providing customers with a positive digital experience without compromising on security is key for banks and financial services companies in today’s market. Attacks on banks and financial services can result in significant, tangible damages such as lawsuits, legal fees, fines and fraud monitoring costs. For example, following a data breach one organization was obliged to provide affected customers with free credit monitoring for one year, and to reimburse all resulting damages.

In addition to substantial immediate costs to the organization, longer-term intangible costs include the loss of customer trust from compromised personal data and potential reputation damage that could impact the company’s brand and market value.


In a survey of identity theft and fraud victims, a significant number of respondents left their banks (28 percent), credit card companies (22.4 percent) and credit unions (12.3 percent) as a result of unauthorized activity on their accounts.

 

A Regulatory Response to Financial Sector Breaches 

State governments are taking steps to ensure banks and financial institutions follow best practices in protecting customer data. One example is the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, also known as 23 NYCRR Part 500. The regulation puts more accountability for cybersecurity breaches on senior executives of financial services companies operating in New York City.

Just this single regulation is estimated to affect around 1,900 businesses in the Banking and Financial Markets industry. Firms are required to perform regular audits and employee training activities to comply with the regulation.

These institutions are subject to the cybersecurity requirements published by the NYDFS. There are 22 provisions in total, each relating to data protection. As per the requirements, financial institutions must perform risk assessments in order to identify loopholes and ensure that nonpublic information and information systems are safe from unauthorized access. These may include risk-based authentication, multi-factor authentication, and biometric authentication.

To address these needs, the size of the cybersecurity market servicing the financial sector is growing at a rapid pace and is projected to exceed $68 billion by 2020.

Recognize Risk and Take Steps To Mitigate

Financial institutions will continue to face ongoing cybersecurity threats. Cybercriminals will continue to seek out and find new ways to infiltrate your organization’s network. The goal might be to steal customer data or money.  Regardless of the goal, the methods cybercriminals employ are constantly evolving and becoming more sophisticated and potentially damaging. 

To respond properly, financial institutions must be prepared to adapt and redirect at every turn to counter both these evolving threats and old, proven methods. It is also critical that banks and other financial institutions take steps to prepare for a cyber breach by having a data breach response plan in place.

A growing number of CEOs recognize the emergence of data breaches and cyber attacks as the greatest risk banks and financial services companies face. That is the purpose behind the development of CyCloud - CyLogic’s flagship offering. We deliver a higher level of security than any public cloud provider. Our team would be happy to discuss how to mitigate the complex challenges the banking and financial services sector faces.
